18 matches found
CVE-2026-48128
Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to targ...
CVE-2026-48152
Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE permission set, which...
CVE-2026-48128
Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to targ...
CVE-2026-45715 Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration
Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration packages/server/src/integrations/rest.ts follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services cloud metadata, databases by redirecti...
CVE-2026-48128
Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to targ...
CVE-2026-48152 Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL
Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE permission set, which...
CVE-2026-48152 Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL
Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE permission set, which...
PT-2026-44063
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description Insufficient permission checks on the single-datasource 'GET' and 'PUT' routes allow users with the Basic app user role to access and modify REST datasource configurations. Because these routes are...
Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration
Summary The REST datasource integration follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services cloud metadata, databases by redirecting through an attacker-controlled server. The same vulnerability class was already patched in...
CVE-2026-31818
Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery SSRF vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism IP blacklist is rendered completely ineffective because the BLACKLISTIPS environment...
GHSA-7R9J-R86Q-7G45 Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist
Summary | Field | Value | |-------|-------| | Title | SSRF via REST Connector with Empty Default Blacklist Leading to Full Internal Data Exfiltration | | Product | Budibase | | Version | 3.30.6 latest stable as of 2026-02-25 | | Component | REST Datasource Integration + Backend-Core Blacklist...
Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist
Summary | Field | Value | |-------|-------| | Title | SSRF via REST Connector with Empty Default Blacklist Leading to Full Internal Data Exfiltration | | Product | Budibase | | Version | 3.30.6 latest stable as of 2026-02-25 | | Component | REST Datasource Integration + Backend-Core Blacklist...
CVE-2026-31818
Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery SSRF vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism IP blacklist is rendered completely ineffective because the BLACKLISTIPS environment...
CVE-2026-31818 Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist
Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery SSRF vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism IP blacklist is rendered completely ineffective because the BLACKLISTIPS environment...
CVE-2026-31818
Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery SSRF vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism IP blacklist is rendered completely ineffective because the BLACKLISTIPS environment...
Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview
Summary The REST datasource query preview endpoint POST /api/queries/preview makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An authenticated admin can reach internal services that are not exposed to the internet — including cloud metadata...
GHSA-4647-WPJQ-HH7F Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview
Summary The REST datasource query preview endpoint POST /api/queries/preview makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An authenticated admin can reach internal services that are not exposed to the internet — including cloud metadata...
Server-side Request Forgery (SSRF)
Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the preview in the REST datasource query endpoint, which allows user-supplied URLs in the fields.path parameter to be requested by the server without...